<?php

/**
 * @author FROSTY (valik619)
 * @site nadmad.ru
 * @mail valik619@inbox.ru
 */
 
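// Page title. Presumably picked up by system/head.php when it renders the
// header -- confirm there.
$title = 'WBCMS - wap blogs CMS';

// Bootstrap. Nothing in this file defines $uid, $user, $set, $lang, $root or
// $kmess, so they are expected to come from this include.
include('system/core.php');

// Access control, step 1: visitors without a session go to the login page.
// The exit after the redirect matters -- header() alone does not stop the
// script, and everything below is admin-only.
if (!$uid) {
    header('Location: http://'.$set['home'].'/login.php');
    exit;
}

// Access control, step 2: only accounts with rights == 1 may use the panel.
if ($user['rights'] != 1) {
    header('Location: http://'.$set['home'].'/index.php');
    exit;
}

include('system/head.php');

// Requested panel section. The parameter is optional (plain adm.php shows the
// menu), so guard the lookup instead of reading a missing index; a non-string
// value such as a[]=x is treated as absent and falls through to the menu.
$action = (isset($_GET['a']) && is_string($_GET['a'])) ? htmlspecialchars(trim($_GET['a'])) : '';

echo '<div class="title">'.$lang['panel'].'</div>';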

switch ($action) {

// Panel home. Being the default branch, it is also what any unrecognised
// value of "a" ends up showing.
default:

    // Link target => key of its label in $lang, in display order.
    $admPanelLinks = array(
        'adm.php?a=blog'       => 'general',
        '../admin/files.php'   => 'files',
        '../rekl/add.php'      => 'ads',
        '../admin/banners.php' => 'counters',
        'office.php'           => 'cabinet',
    );

    foreach ($admPanelLinks as $admLinkHref => $admLinkLabel) {
        echo '<div class="small"><a class="url" href="' . $admLinkHref . '">' . $lang[$admLinkLabel] . '</a></div>';
    }

    break;


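// Section "blog": site-wide settings stored as key/value rows in the `set` table.
case 'blog':

    // Collect the choices the two <select> boxes offer before handling the
    // POST, so a submitted value can be checked against exactly that list.
    // These names are file/directory names; accepting only listed ones keeps
    // arbitrary path fragments out of the settings table.
    $designChoices = array();
    $dir = opendir('design');
    if ($dir !== false) {
        // Compare with false explicitly: an entry literally named "0" would
        // otherwise end the loop early.
        while (($entry = readdir($dir)) !== false) {
            if ($entry !== '.' && $entry !== '..' && $entry !== '.svn') {
                $designChoices[] = str_replace('.css', '', $entry);
            }
        }
        closedir($dir);
    }

    $languageChoices = array();
    $dir1 = opendir('language');
    if ($dir1 !== false) {
        while (($entry = readdir($dir1)) !== false) {
            if ($entry !== '.' && $entry !== '..') {
                $languageChoices[] = $entry;
            }
        }
        closedir($dir1);
    }

    if (isset($_POST['submit'])) {

        // NOTE(review): this handler changes settings but checks no anti-CSRF
        // token, and none is generated anywhere on this page. A per-session
        // token emitted in the form and verified here would close that gap.

        // Settings to write, as `key` => value. Keys are fixed literals; only
        // the values come from the request.
        $updates = array();

        $value = (isset($_POST['design']) && is_string($_POST['design'])) ? trim($_POST['design']) : '';
        if ($value !== '' && in_array($value, $designChoices, true)) {
            $updates['design'] = $value;
        }

        // The form field really is spelled "lenguage"; the stored key is "language".
        $value = (isset($_POST['lenguage']) && is_string($_POST['lenguage'])) ? trim($_POST['lenguage']) : '';
        if ($value !== '' && in_array($value, $languageChoices, true)) {
            $updates['language'] = $value;
        }

        // Free-text settings: an empty submission leaves the stored value untouched.
        foreach (array('home', 'copy', 'description', 'keywords') as $field) {
            $value = (isset($_POST[$field]) && is_string($_POST[$field])) ? trim($_POST[$field]) : '';
            if ($value !== '') {
                $updates[$field] = $value;
            }
        }

        // Checkbox: always written, because an unchecked box is simply absent
        // from the request. Stored under the key "general".
        $updates['general'] = (isset($_POST['acces']) && is_string($_POST['acces']) && trim($_POST['acces']) === '1') ? '1' : '0';

        // Only the three menu layouts offered by the radio buttons are valid.
        $value = (isset($_POST['mainmenu']) && is_string($_POST['mainmenu'])) ? trim($_POST['mainmenu']) : '';
        if (in_array($value, array('1', '2', '3'), true)) {
            $updates['mainmenu'] = $value;
        }

        // Every value is escaped before it is placed inside the SQL string
        // literal, the same way the INSERT statements in this file do it.
        foreach ($updates as $key => $value) {
            mysql_query("UPDATE `set` SET `val` = '" . mysql_real_escape_string($value) . "' WHERE `key` = '" . $key . "' LIMIT 1");
        }

        echo '<div class="omenu">'.$lang['info_save'].'</div>';
    }

    // NOTE(review): the form below assumes $set holds the stored values
    // unescaped -- confirm in system/core.php. They are HTML-escaped here
    // because they are printed inside attribute values.

    echo '<div id="imenu">';

    echo '<div class="padding">';
    echo '<form action="adm.php?a=blog" method="post">';

    echo '<h3>'.$lang['site_design'].'</h3><select name="design">';
    foreach ($designChoices as $choice) {
        echo '<option' . ((string) $set['design'] === $choice ? ' selected="selected">' : '>') . htmlspecialchars($choice, ENT_QUOTES) . '</option>';
    }
    echo '</select><br /><p>';

    echo '<h3>'.$lang['lng'].'</h3><select name="lenguage">';
    foreach ($languageChoices as $choice) {
        echo '<option' . ((string) $set['language'] === $choice ? ' selected="selected">' : '>') . htmlspecialchars($choice, ENT_QUOTES) . '</option>';
    }
    echo '</select><br /><p>';

    echo '<h3>'.$lang['copy'].'</h3>';
    echo '<input type="name" name="copy" maxlength="200" value="'.htmlspecialchars($set['copy'], ENT_QUOTES).'" /><br />';
    echo '<h3>'.$lang['url_site'].'</h3>';
    echo '<input type="name" name="home" maxlength="200" value="'.htmlspecialchars($set['home'], ENT_QUOTES).'" /><br />';

    echo '<h3>'.$lang['description'].' (max 500)</h3>';
    echo '<input type="name" name="description" maxlength="500" value="'.htmlspecialchars($set['description'], ENT_QUOTES).'" /><br />';

    echo '<h3>'.$lang['keywords'].' (max 500)</h3>';
    echo '<input type="name" name="keywords" maxlength="500" value="'.htmlspecialchars($set['keywords'], ENT_QUOTES).'" /><br />';

    // Main-menu layout: one radio button per layout, the stored one pre-checked.
    echo '<h3>'.$lang['mainmenu'].'</h3>';
    for ($layout = 1; $layout <= 3; $layout++) {
        echo '<p><div class="info"><input type="radio" name="mainmenu" value="'.$layout.'"'.($set['mainmenu'] == $layout ? ' checked' : '').'><a href="files/images/'.$layout.'.png">'.$lang['mainmenu'].' №'.$layout.'</a></div></p>';
    }

    // Checkbox for the setting stored under "general".
    echo '<p><div class="info"><small>'.$lang['acces'].'?</small><br /><input type="checkbox" name="acces" value="1"'.($set['general'] == 1 ? ' checked' : '').'><small>Yes</small></div></p>';

    echo '<p><input type="submit" name="submit" value="Save"/></form></p>';

    echo '</div>';

    echo '</div>'; //Block

    echo '<div class="title">'.$lang['other'].'</div>';

    echo '<div class="small"><a class="url" href="adm.php?a=add_cat">'.$lang['add_cat'].'</a></div>';

    echo '<div class="small"><a class="url" href="adm.php?a=add_post">'.$lang['add_post'].'</a></div>';

    echo '<div class="small"><a class="url" href="adm.php?a=ecat">'.$lang['structure'].'</a></div>';

    echo '<div class="small"><a class="url" href="../admin/smileys.php">'.$lang['smileys_up'].'</a></div>';

    echo '<div class="small"><a class="url" href="adm.php">'.$lang['back'].'</a></div></p>';

    break;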


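// Section "add_cat": create a new category.
case 'add_cat':

    if (isset($_POST['submit'])) {

        // NOTE(review): no anti-CSRF token is checked before the INSERT and
        // none is generated on this page; a per-session token in the form,
        // verified here, would close that gap.

        $name = (isset($_POST['name']) && is_string($_POST['name'])) ? trim($_POST['name']) : '';
        $soft = (isset($_POST['soft']) && is_string($_POST['soft'])) ? trim($_POST['soft']) : '';
        $error = 0;

        if (!$name || strlen($name) > 200) {
            echo '<div class="omenu">Max. 200</div>';
            $error = 1;
        }

        // Duplicate-name check. The name is request data, so it is escaped
        // before it goes into the SQL string literal.
        $rows = mysql_query("SELECT * FROM `cat` WHERE `name` = '" . mysql_real_escape_string($name) . "'");
        if ($rows && mysql_num_rows($rows) > 0) {
            echo '<div class="omenu">'.$lang['vzeisnue'].'</div>';
            $error = 1;
        }

        if (!$error) {
            // The new category is placed after the current last one.
            $max2 = mysql_query("SELECT * FROM `cat` ORDER BY `order` DESC LIMIT 1");
            $max1 = $max2 ? mysql_fetch_assoc($max2) : false;
            $order = ($max1 && $max1['order']) ? intval($max1['order']) + 1 : 1;

            $zapros = mysql_query("INSERT INTO `cat` (`name`, `soft`, `order`) VALUES ('".mysql_real_escape_string($name)."', '".mysql_real_escape_string($soft)."', '$order');");

            // Report success only when the INSERT went through, as the
            // add_post section does.
            if ($zapros) {
                echo '<div class="omenu">'.$lang['info_save'].'</div>';
            }
        }
    }

    echo '<div id="imenu">';

    echo '<form action="adm.php?a=add_cat" method="post">';
    echo '<h3>'.$lang['title'].'*</h3>';
    echo '<input type="name" name="name" maxlength="200" value="" /><br />';
    echo '<h3>'.$lang['soft'].'</h3>';
    echo '<textarea name="soft" maxlength="200"></textarea><br />';

    echo '<p><input type="submit" name="submit" value="'.$lang['add'].'"/></form></p>';

    echo '</div>';
    break;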


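// Section "add_post": create a new post in a category.
case 'add_post':

    if (isset($_POST['submit'])) {

        // NOTE(review): no anti-CSRF token is checked before the INSERT and
        // none is generated on this page; a per-session token in the form,
        // verified here, would close that gap.

        $name = (isset($_POST['name']) && is_string($_POST['name'])) ? trim($_POST['name']) : '';
        $soft = (isset($_POST['soft']) && is_string($_POST['soft'])) ? trim($_POST['soft']) : '';
        // The category id goes into the INSERT, so it is forced to an integer.
        $categ = (isset($_POST['cat']) && is_scalar($_POST['cat'])) ? intval($_POST['cat']) : 0;
        $description = (isset($_POST['description']) && is_string($_POST['description'])) ? trim($_POST['description']) : '';
        $keywords = (isset($_POST['keywords']) && is_string($_POST['keywords'])) ? trim($_POST['keywords']) : '';
        $error = 0;

        if (!$name || strlen($name) > 200) {
            echo '<div class="omenu">Max. 200</div>';
            $error = 1;
        }

        if (strlen($description) > 500) {
            echo '<div class="omenu">Description Max. 500</div>';
            $error = 1;
        }

        if (strlen($keywords) > 500) {
            echo '<div class="omenu">Keywords Max. 500</div>';
            $error = 1;
        }

        // Duplicate-title check. The title is request data, so it is escaped
        // before it goes into the SQL string literal.
        $rows = mysql_query("SELECT * FROM `posts` WHERE `name` = '" . mysql_real_escape_string($name) . "'");
        if ($rows && mysql_num_rows($rows) > 0) {
            echo '<div class="omenu">'.$lang['vzeisnue'].'</div>';
            $error = 1;
        }

        if (!$error) {
            $zapros = mysql_query("INSERT INTO `posts` (`name`, `text`, `description`, `keywords`, `time`, `uid`, `catid`) VALUES ('".mysql_real_escape_string($name)."', '".mysql_real_escape_string($soft)."', '".mysql_real_escape_string($description)."', '".mysql_real_escape_string($keywords)."', '".time()."', '$uid', '$categ');");
            // A failed INSERT counts as an error, so no success message is shown.
            if ($zapros == FALSE) {
                $error = 1;
            }
        }

        if (!$error) echo '<div class="omenu">'.$lang['info_save'].'</div>';
    }

    echo '<div id="imenu">';

    echo '<form action="adm.php?a=add_post" method="post">';
    echo '<h3>'.$lang['title'].'* (max 200)</h3>';
    echo '<input type="name" name="name" maxlength="200" value="" /><br />';

    echo '<h3>'.$lang['text'].'* (max 10000)</h3>';

    include($root.'system/inc/auto.php'); // BB-code auto-insert helper

    echo '<textarea name="soft" id="post"></textarea><br />';

    echo '<h3>'.$lang['description'].' (max 500)</h3>';

    echo '<textarea name="description"></textarea><br />';

    echo '<h3>'.$lang['keywords'].' (max 500)</h3>';

    echo '<textarea name="keywords"></textarea><br />';

    echo '<h3>'.$lang['cat'].'</h3><select name="cat">';

    // Category names are stored as typed, so they are HTML-escaped on output.
    $categories = mysql_query("SELECT * FROM `cat`");
    while ($categories && ($row = mysql_fetch_assoc($categories))) {
        echo '<option value="'.intval($row['id']).'">' . htmlspecialchars($row['name'], ENT_QUOTES) . '</option>';
    }

    echo '</select><br /><p>';

    echo '<p><input type="submit" name="submit" value="'.$lang['add'].'"/></form></p>';

    echo '<div class="info"><a href="'.$root.'smile.php">'.$lang['smiley'].'</a></div>';

    echo '</div>';

    break;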


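// Section "ecat": without an id, list all categories; with an id, show the
// edit form for that category.
case 'ecat':

    // The id is used in a query and printed back into the page, so it is
    // forced to an integer once. A missing or non-numeric id becomes 0, which
    // selects the list view.
    $pr = (isset($_GET['id']) && is_scalar($_GET['id'])) ? intval($_GET['id']) : 0;

    if (!$pr) {
        $categories = mysql_query("SELECT * FROM `cat` ORDER BY `order`");
        echo '<div id="imenu">';
        while ($categories && ($row = mysql_fetch_assoc($categories))) {
            $catId = intval($row['id']);
            // Names are stored as typed, so they are HTML-escaped on output.
            echo '<div class="info"><a href="adm.php?a=ecat&amp;id='.$catId.'">'.htmlspecialchars($row['name'], ENT_QUOTES).'</a></div><div class="menu"> <a href="adm.php?a=catp&amp;id='.$catId.'">['.$lang['redaction'].']</a> <a href="cat/index.php?id='.$catId.'">&gt;&gt;</a></div>';
        }
        echo '</div>';
    } else {
        $namecat = mysql_query("SELECT * FROM `cat` WHERE `id` = '$pr'");
        $nam = $namecat ? mysql_fetch_assoc($namecat) : false;

        if (!$nam) {
            // Unknown id: same message the delete sections use.
            echo '<div class="omenu">'.$lang['not'].'</div>';
        } else {
            echo '<div id="imenu">';

            echo '<form action="adm.php?a=scat" method="post">';
            echo '<h3>'.$lang['title'].' (max 200)</h3>';
            echo '<input type="name" name="name" maxlength="200" value="'.htmlspecialchars($nam['name'], ENT_QUOTES).'" /><br />';
            echo '<h3>'.$lang['text'].' (max 200)</h3>';
            echo '<textarea name="soft">'.htmlspecialchars($nam['soft'], ENT_QUOTES).'</textarea><br />';
            echo '<input type="hidden" name="id" value="'.$pr.'">';
            echo '<p><input type="submit" name="submit" value="Save"/></form></p>';
            echo '<p><div class="info"><a href="adm.php?a=delcat&amp;id='.$pr.'">'.$lang['delete'].'</a> <a href="adm.php?a=clearcat&amp;id='.$pr.'">'.$lang['clear'].'</a></div></p>';
            echo '</div>';
        }
    }
    break;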


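// Section "scat": save the category edit form shown by "ecat".
case 'scat':

    // NOTE(review): no anti-CSRF token is checked before the UPDATE and none
    // is generated on this page; a per-session token in the form, verified
    // here, would close that gap.

    $name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
    $soft = (isset($_POST['soft']) && is_string($_POST['soft'])) ? $_POST['soft'] : '';
    // Row id for the WHERE clause: forced to an integer.
    $pr = (isset($_POST['id']) && is_scalar($_POST['id'])) ? intval($_POST['id']) : 0;

    if (!$name || strlen($name) > 200 || strlen($soft) > 200) {
        echo '<div class=omenu>'.$lang['vsipolia'].'</div>';
        break;
    }

    // Both columns in one statement; the text values are escaped before they
    // go into the SQL string literals.
    mysql_query("UPDATE `cat` SET `name` = '" . mysql_real_escape_string($name) . "', `soft` = '" . mysql_real_escape_string($soft) . "' WHERE `id` = '$pr'");

    echo '<div class="info">'.$lang['allok'].'</div>';
    echo '<div class="title"><a href="adm.php?a=ecat">'.$lang['back'].'</a></div>';

    break;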

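// Section "delcat": delete a category together with its posts and their
// comments and likes.
case 'delcat':

    // NOTE(review): the deletion is triggered by a plain GET link and no
    // anti-CSRF token is checked. Moving it to a POST form that carries a
    // per-session token would keep other pages from triggering it in the
    // administrator's browser.

    // The id goes into several statements, so it is forced to an integer once.
    $pr = (isset($_GET['id']) && is_scalar($_GET['id'])) ? intval($_GET['id']) : 0;

    $sus = mysql_query("SELECT * FROM `cat` WHERE `id` = '$pr'");

    if (!$sus || !mysql_num_rows($sus)) {
        echo '<div class="omenu">'.$lang['not'].'</div>';
        break;
    }

    // Remove the comments and likes of every post in the category first,
    // while the posts can still be listed.
    $sus1 = mysql_query("SELECT * FROM `posts` WHERE `catid` = '$pr'");

    while ($sus1 && ($row = mysql_fetch_assoc($sus1))) {
        $postId = intval($row['id']);
        mysql_query("DELETE FROM `comments` WHERE `pid` = '$postId'");
        mysql_query("DELETE FROM `likes` WHERE `pid` = '$postId'");
    }

    mysql_query("DELETE FROM `cat` WHERE `id` = '$pr'");
    mysql_query("DELETE FROM `posts` WHERE `catid` = '$pr'");
    echo '<div class="info">'.$lang['alldel'].'</div>';
    echo '<div class="title"><a href="adm.php?a=ecat">'.$lang['back'].'</a></div>';

    break;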

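// Section "clearcat": delete all posts of a category (with their comments and
// likes) but keep the category itself.
case 'clearcat':

    // NOTE(review): the deletion is triggered by a plain GET link and no
    // anti-CSRF token is checked. Moving it to a POST form that carries a
    // per-session token would keep other pages from triggering it in the
    // administrator's browser.

    // The id goes into several statements, so it is forced to an integer once.
    $pr = (isset($_GET['id']) && is_scalar($_GET['id'])) ? intval($_GET['id']) : 0;

    $sus = mysql_query("SELECT * FROM `cat` WHERE `id` = '$pr'");

    if (!$sus || !mysql_num_rows($sus)) {
        echo '<div class="omenu">'.$lang['not'].'</div>';
        break;
    }

    // Comments and likes go first, while the posts can still be listed.
    $sus1 = mysql_query("SELECT * FROM `posts` WHERE `catid` = '$pr'");

    while ($sus1 && ($row = mysql_fetch_assoc($sus1))) {
        $postId = intval($row['id']);
        mysql_query("DELETE FROM `comments` WHERE `pid` = '$postId'");
        mysql_query("DELETE FROM `likes` WHERE `pid` = '$postId'");
    }

    mysql_query("DELETE FROM `posts` WHERE `catid` = '$pr'");

    echo '<div class="info">'.$lang['clearok'].'</div>';

    echo '<div class="title"><a href="adm.php?a=ecat">'.$lang['back'].'</a></div>';

    break;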

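// Section "catp": paginated list of the posts in one category, each linking
// to its edit form.
case 'catp':

    // The id is used in two queries and in the pager URL, so it is forced to
    // an integer once.
    $pr = (isset($_GET['id']) && is_scalar($_GET['id'])) ? intval($_GET['id']) : 0;

    echo '<div id="imenu">';

    $posts = mysql_query("SELECT * FROM `posts` WHERE `catid` = '$pr'");
    $total = $posts ? mysql_num_rows($posts) : 0;

    // Pagination. $kmess is not defined in this file (presumably the page size
    // from system/core.php); it is clamped to at least 1 so it can neither
    // divide by zero nor put a non-number into LIMIT. The page number is
    // clamped too: p=0 or a negative p would give a negative offset.
    $perPage = max(1, intval($kmess));
    $page = (isset($_GET['p'])) ? max(1, intval($_GET['p'])) : 1;
    $allpage = ceil($total / $perPage);
    $start = $page * $perPage - $perPage;

    if (!$total) {
        echo '<div class="info">'.$lang['rubric'].'</div>';
        if ($user['rights'] == 1) echo '<div class="info"><a href="adm.php?a=add_post">'.$lang['add'].'</a></div>';
    } else {
        $post = mysql_query("SELECT * FROM `posts` WHERE `catid` = '$pr' LIMIT $start,$perPage");
        while ($post && ($row = mysql_fetch_assoc($post))) {
            // Titles are stored as typed, so they are HTML-escaped on output.
            echo '<div class="omenu"><a href="adm.php?a=editpost&amp;id='.intval($row['id']).'">'.htmlspecialchars($row['name'], ENT_QUOTES).'</a></div>';
        }

        if ($total > $perPage) {
            echo '<p>';
            // NOTE(review): the pager points at index.php rather than
            // adm.php?a=catp -- looks carried over from the public category
            // page; confirm the intended target.
            functions::navigation($allpage, "index.php?id=".$pr."&amp;p={p}", 1);
            echo '</p>';
        }

        echo '</div>';

        echo '<div class="title">'.$lang['total'].': '.$total.'';
        // NOTE(review): $rights is not set anywhere in this file (the checks
        // elsewhere use $user['rights']) -- confirm it is provided by core.php.
        if ($rights == 1) {
            echo ' | <a href="../adm.php?a=add_post">'.$lang['add'].'</a></div>';
        } else echo '</div>';
    }

    echo '</div>';
    break;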
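/* Editing and deleting posts */

// Section "editpost": edit form for a single post.
case 'editpost':

    // The id is used in a query and printed back into the page, so it is
    // forced to an integer once.
    $pr = (isset($_GET['id']) && is_scalar($_GET['id'])) ? intval($_GET['id']) : 0;

    $namepost = mysql_query("SELECT * FROM `posts` WHERE `id` = '$pr'");
    $nam = $namepost ? mysql_fetch_assoc($namepost) : false;

    if (!$nam) {
        // Unknown id: same message the delete sections use.
        echo '<div class="omenu">'.$lang['not'].'</div>';
        break;
    }

    echo '<div id="imenu">';

    // Title and text are stored as typed. They are HTML-escaped here so that
    // a quote or a closing textarea tag inside them stays text.
    echo '<form action="adm.php?a=sposts" method="post">';
    echo '<h3>'.$lang['title'].' (max 200)</h3>';
    echo '<input type="name" name="name" maxlength="200" value="'.htmlspecialchars($nam['name'], ENT_QUOTES).'" /><br />';
    echo '<h3>'.$lang['text'].' (max 200)</h3>';
    echo '<textarea name="soft">'.htmlspecialchars($nam['text'], ENT_QUOTES).'</textarea><br />';
    echo '<input type="hidden" name="id" value="'.$pr.'">';
    echo '<p><input type="submit" name="submit" value="Save"/></form></p>';
    echo '<p><div class="info"><a href="adm.php?a=delpost&amp;id='.$pr.'">'.$lang['delete'].'</a></div></p>';
    echo '</div>';

    break;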


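// Section "sposts": save the post edit form shown by "editpost".
case 'sposts':

    // NOTE(review): no anti-CSRF token is checked before the UPDATE and none
    // is generated on this page; a per-session token in the form, verified
    // here, would close that gap.

    $name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
    $soft = (isset($_POST['soft']) && is_string($_POST['soft'])) ? $_POST['soft'] : '';
    // The id is used in the WHERE clause and printed into the "back" link, so
    // it is forced to an integer.
    $pr = (isset($_POST['id']) && is_scalar($_POST['id'])) ? intval($_POST['id']) : 0;

    if (!$name || strlen($name) > 200 || strlen($soft) > 10000) {
        echo '<div class=omenu>'.$lang['vsipolia'].'</div>';
        break;
    }

    // Both columns in one statement; the text values are escaped before they
    // go into the SQL string literals.
    mysql_query("UPDATE `posts` SET `name` = '" . mysql_real_escape_string($name) . "', `text` = '" . mysql_real_escape_string($soft) . "' WHERE `id` = '$pr'");

    echo '<div class="info">'.$lang['allok'].'</div>';
    echo '<div class="title"><a href="adm.php?a=editpost&amp;id='.$pr.'">'.$lang['back'].'</a></div>';

    break;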

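// Section "delpost": delete one post together with its likes and comments.
case 'delpost':

    // NOTE(review): the deletion is triggered by a plain GET link and no
    // anti-CSRF token is checked. Moving it to a POST form that carries a
    // per-session token would keep other pages from triggering it in the
    // administrator's browser.

    // The id goes into four statements, so it is forced to an integer once.
    $pr = (isset($_GET['id']) && is_scalar($_GET['id'])) ? intval($_GET['id']) : 0;

    $sus = mysql_query("SELECT * FROM `posts` WHERE `id` = '$pr'");

    if (!$sus || !mysql_num_rows($sus)) {
        echo '<div class="omenu">'.$lang['not'].'</div>';
        break;
    }

    mysql_query("DELETE FROM `posts` WHERE `id` = '$pr'");
    mysql_query("DELETE FROM `likes` WHERE `pid` = '$pr'");
    mysql_query("DELETE FROM `comments` WHERE `pid` = '$pr'");
    echo '<div class="info">'.$lang['alldel'].'</div>';
    echo '<div class="title"><a href="adm.php?a=ecat">'.$lang['back'].'</a></div>';

    break;

}

// Page footer.
include('system/foot.php');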

/**
 * @author FROSTY (valik619)
 * @site nadmad.ru
 * @mail valik619@inbox.ru
 */

?>